Note: This is an archival copy of Security Sun Alert 201359 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001032.1.
Article ID : 1001032.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-08-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability With NIS server ypserv(1M) May Allow a Denial of Service (DoS) to Occur



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6332906

Date of Resolved Release
13-JUL-2006

Impact

A local or remote unprivileged user may be able to prevent the ypserv(1M) NIS server process from answering NIS name service requests. A Denial of Service (DoS) may occur as clients currently bound to the NIS server may experience hangs or slow performance. Users may no longer be able to log in on affected NIS clients.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 109328-06
  • Solaris 9 without patch 113579-09
  • Solaris 10 without patch 123186-01

x86 Platform

  • Solaris 8 without patch 109329-06
  • Solaris 9 without patch 114342-09
  • Solaris 10 without patch 122078-02

Symptoms

Should the described issue occur, the NIS server will no longer respond to client NIS requests. The ypserv(1M) process may no longer be running on the NIS server.

In the following example, ypcat(1) hangs and is aborted with Control-C. The ypwhich(1) command displays the NIS server, which is found to be otherwise alive:

    $ ypcat hosts | head
    ^C
    $ ypwhich
    yp-server
    $ ping yp-server
    yp-server is alive

On the NIS server, whether the ypserv(1M) process is running can be verified with the following command:

    # pgrep ypserv || echo "ypserv not running"

Workaround

To work around the described issue, if the NIS server is unresponsive or not running, it can be stopped and restarted by running the following commands (as "root"):

    # /usr/lib/netsvc/yp/ypstop
    # /usr/lib/netsvc/yp/ypstart

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 109328-06 or later
  • Solaris 9 with patch 113579-09 or later
  • Solaris 10 with patch 123186-01 or later

x86 Platform

  • Solaris 8 with patch 109329-06 or later
  • Solaris 9 with patch 114342-09 or later
  • Solaris 10 with patch 122078-02 or later
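
The following is an added example, not part of the original Sun Alert: a shell check that compares a host's installed patches against the minimum patch levels listed above. It assumes `showrev -p` prints one `Patch: <id>-<rev> ...` line per installed patch; the function names are hypothetical and the sample input is constructed.

```sh
#!/bin/sh
# Added example (POSIX sh; on Solaris 8-10 run with /usr/xpg4/bin/sh or ksh).
# Function names are hypothetical; patch levels are those listed above.

# Minimum fixed patch for a platform/release pair.
required_patch() {   # $1 = `uname -p` (sparc|i386), $2 = `uname -r`
  case "$1/$2" in
    sparc/5.8)  echo 109328-06 ;;
    sparc/5.9)  echo 113579-09 ;;
    sparc/5.10) echo 123186-01 ;;
    i386/5.8)   echo 109329-06 ;;
    i386/5.9)   echo 114342-09 ;;
    i386/5.10)  echo 122078-02 ;;
    *) return 1 ;;
  esac
}

# Reads `showrev -p` output on stdin. Prints PATCHED (status 0),
# VULNERABLE (1) or UNKNOWN (2, platform/release not covered by the alert).
# Only revisions of the listed patch ID are matched; a fix delivered by a
# different patch ID is reported as VULNERABLE and needs a manual check.
check_ypserv_patch() {   # $1 = platform, $2 = release
  req=$(required_patch "$1" "$2") || { echo UNKNOWN; return 2; }
  base=${req%-*}
  minrev=${req#*-}
  while read -r tag id rest; do
    [ "$tag" = "Patch:" ] || continue
    [ "${id%-*}" = "$base" ] || continue
    if [ "${id#*-}" -ge "$minrev" ] 2>/dev/null; then
      echo PATCHED; return 0
    fi
  done
  echo VULNERABLE; return 1
}

# Constructed sample of `showrev -p` lines (IDs 999999 and package names
# are placeholders, not real patches or packages).
sample_showrev() {
  cat <<'EOF'
Patch: 109328-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 113579-11 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# On a real host:
#   showrev -p | check_ypserv_patch "$(uname -p)" "$(uname -r)"
```
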


References

123186-01
122078-02
109328-06
113579-09
109329-06
114342-09